Like many others, we have been following the latest developments in Australia related to the “Assistance and Access” bill with a growing sense of frustration. The widespread adoption of strong cryptography and end-to-end encryption has given people around the world the ability to protect their personal information and communicate securely. Life is increasingly lived online, and the everyday actions of billions of people depend on this foundation remaining strong.

Attempting to roll back the clock on security improvements which have massively benefited Australia and the entire global community is a disappointing development.

In addition to the end-to-end encryption that protects every Signal message, the Signal service is designed to minimize the data that is retained about Signal users. By design, it does not store a record of your contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles, or group avatars.

We have been exploring techniques to further reduce the amount of information that is accessible to the service, and the latest beta release includes changes designed to move Signal incrementally closer to the goal of hiding another piece of metadata: who is messaging whom.

Yesterday AWS became aware of your Github and Hacker News/ycombinator posts describing how Signal plans to make its traffic look like traffic from another site, (popularly known as “domain fronting”) by using a domain owned by Amazon -- Souq.com. You do not have permission from Amazon to use Souq.com for any purpose. Any use of Souq.com or any other domain to masquerade as another entity without express permission of the domain owner is in clear violation of the AWS Service Terms (Amazon CloudFront, Sec. 2.1: “You must own or have all necessary rights to use any domain name or SSL certificate that you use in conjunction with Amazon CloudFront”). It is also a violation of our Acceptable Use Policy by falsifying the origin of traffic and the unauthorized use of a domain.

We are happy for you to use AWS Services, but you must comply with our Service Terms. We will immediately suspend your use of CloudFront if you use third party domains without their permission to masquerade as that third party.

Long before we knew that it would be called Signal, we knew what we wanted it to be. Instead of teaching the rest of the world cryptography, we wanted to see if we could develop cryptography that worked for the rest of the world. At the time, the industry consensus was largely that encryption and cryptography would remain unusable, but we started Signal with the idea that private communication could be simple.

Since then, we’ve made some progress. We’ve built a service used by millions, and software used by billions. The stories that make it back to us and keep us going are the stories of people discovering each other in moments where they found they could speak freely over Signal, of people falling in love over Signal, of people organizing ambitious plans over Signal. When we ask friends who at their workplace is on Signal and they respond “every C-level executive, and the kitchen staff.” When we receive a subpoena for user data and have nothing to send back but a blank sheet of paper. When we catch that glimpse of “Signal blue” on a metro commuter’s phone and smile.

Today’s Signal beta for iOS includes support for animated GIF search. Signal iOS has long supported sending and receiving GIFs, but today’s beta adds support for browsing and searching popular GIFs from within Signal.

We previously announced experimental support for animated GIF search in Signal Android, which we’re now bringing to iOS, along with some privacy updates to the process.

Today’s beta release of Signal for Android and iOS includes support for read receipts. This is an optional new feature that gives you the ability to see and share when messages have been read. Something tells us that you might find this useful…

Using this service, Signal clients will be able to efficiently and scalably determine whether the contacts in their address book are Signal users without revealing the contacts in their address book to the Signal service.

The latest Signal beta for Android and iOS introduces support for Signal Profiles.

Profiles allow you to add a picture and display name that will be shown alongside your existing phone number when communicating with other users. Conversations will feel more personal. Group threads will be less confusing.

All of this is possible without sacrificing the privacy and security that you have come to expect from Signal.

The latest Signal beta includes some changes to the way safety numbers work. Back in November, we introduced experimental support for “advisory” safety number changes, with the objective of collecting feedback in order to eventually make this the default experience.

We’ve taken the feedback we’ve received over the past six months and incorporated it into a set of changes that we’re releasing into beta today.

We recently released encrypted video calling as an opt-in beta. We’ve spent the past month collecting feedback and addressing the issues that the Signal community found in order to get it ready for production. Today’s Signal release for Android and iOS enables support for end-to-end encrypted video calls by default, which also greatly enhances the quality of Signal voice calls as well.

Today’s Signal release for Android and iOS includes beta support for video calls.

This represents an entirely new calling infrastructure for Signal, and should increase voice call quality as well. We think it’s a big improvement, but we’re rolling it out in stages to collect feedback from people with different devices, networks, and regions in order to ensure there are no surprises when it’s enabled for everyone by default.

The latest Signal release includes some changes to the way safety numbers work.

Safety numbers allow Signal users to verify the privacy of their communication with a contact, either by comparing a number or by scanning a single QR code. We recently introduced this new design as an update to Signal’s previous UX, which we felt was no longer adequate for what people had come to expect from Signal. Let’s look at the safety numbers design in more detail, then go over what’s new in this release.

The latest Signal release for Android includes support for GIF search and browsing. Signal has long supported sending and receiving GIFs, but this is an experiment that allows users to browse, search, and select popular GIFs from within Signal.

The latest Signal release for iPhone, Android, and Desktop now includes support for disappearing messages.

The timer has come

With this update, any conversation can be configured to delete sent and received messages after a specified interval. The configuration applies to all parties of a conversation, and the clock starts ticking for each recipient once they’ve read their copy of the message.

The latest Signal for iPhone release now includes multi-device support, allowing you to seamlessly move your private messaging experience from your iPhone to your desktop computer and back. Once you’ve linked a desktop client from within the Signal iPhone app, you can switch to the desktop at any time, whether your phone is online or not.

The Signal Desktop app also supports a new iOS theme, which is enabled by default whenever you link a desktop client from the Signal iPhone app. Try it out!

We recently received a great bug report from Jean-Philippe Aumasson and Markus Vervier, who identified a problem with the way that image, audio, and video attachments are processed by the Signal for Android code. We consider the implications of the bug to be low risk to Signal users, but have released an update for the Signal Android app that addresses the problems they reported.

Facebook Messenger has started rolling out Secret Conversations, a feature that enables end-to-end encryption for conversations within Messenger. Secret Conversations is built on Signal Protocol, a modern, open source, strong encryption protocol we developed for asynchronous messaging systems.

Our Signal Protocol libraries are open source, licensed GPLv3. We like the GPL for the quality control that it provides. If someone publicly says that they’re using our software, we want to see if they’ve made any modifications, and whether they’re using it correctly. This helps to increase transparency and accountability in deployments of our software, which we feel are important for end-to-end encryption.

At Open Whisper Systems, our goal is to make private communication simple. The foundation of our technology is Signal Protocol, a modern, open source, strong encryption protocol for asynchronous messaging systems. It is built from the ground up to make seamless end-to-end encrypted messaging possible.

At Open Whisper Systems, we’ve been developing open source “consumer-facing” software for the past four years. We want to share some of the things we’ve learned while doing it.

As a software developer, I envy writers, musicians, and filmmakers. Unlike software, when they create something, it is really done — forever. A recorded album can be just the same 20 years later, but software has to change.

Software exists as part of an ecosystem, and the ecosystem is moving. The platform changes out from under it, the networks evolve, security threats and countermeasures are in constant shift, and the collective UX language rarely sits still. As more money, time, and focus has gone into the ecosystem, the faster the whole thing has begun to travel.

All of this means that the set of expectations users have for social and communication features are evolving rapidly. Anyone building software today knows that it is not possible to stand still.

For the past few months, the Signal Desktop beta has been available through an invitation program. We’ve gotten a lot of feedback, made a lot of improvements, and are now ready to open the beta up for public access.

At Open Whisper Systems, our goal is to make private communication simple. A year ago, we announced a partnership with WhatsApp and committed to integrating the Signal Protocol into their product, moving towards full end-to-end encryption for all of their users by default.

Over the past year, we’ve been progressively rolling out Signal Protocol support for all WhatsApp communication across all WhatsApp clients. This includes chats, group chats, attachments, voice notes, and voice calls across Android, iPhone, Windows Phone, Nokia S40, Nokia S60, Blackberry, and BB10.

As of today, the integration is fully complete. Users running the most recent versions of WhatsApp on any platform now get full end-to-end encryption for every message they send and every WhatsApp call they make when communicating with each other. This includes all the benefits of the Signal Protocol – a modern, open source, forward secure, strong encryption protocol for asynchronous messaging systems, designed to make end-to-end encrypted messaging as seamless as possible.

As of our latest Android release, Signal builds are reproducible. Reproducible builds help to verify that the source code in our GitHub repository is the exact source code used to build the compiled Signal APK being distributed through Google Play.

A few months ago we completed the process of unifying all of our apps across Android, iOS, and the Desktop under the name ‘Signal.’ This simplified the language around our apps and eliminated a lot of confusion. Now we’re doing the same thing “inside” our apps by renaming Axolotl to Signal Protocol.

Axolotl has been the name of the cryptographic protocol that our apps use for end-to-end encryption, but it’s not the easiest word to pronounce. Sometimes people use ‘Axolotl’ to refer to just the base double ratchet instead of the fullmessagingprotocol, so there has also been some confusion around what people mean when they say ‘Axolotl.’

To continue eliminating confusion and simplifying everything within the Signal ecosystem, we’re renaming Axolotl to Signal Protocol. The implementations have been renamed, so there are open source Signal Protocol libraries available for C, Objective C, Java, and JavaScript in our GitHub repository, as before. These have been making their way into an increasing number of communication apps, and we’re excited for the future of the Signal Protocol as it continues to spread.

Today we’re making the Signal Desktop beta available. Signal Desktop brings the trusted private messaging experience of Signal to the desktop, with a simplicity that allows you to seamlessly continue conversations back and forth between your mobile device and your desktop computer.

Today we’ve started rolling out Signal for Android, which unites simple private messaging and simple private calling into a single app on Android. This is the culmination of our effort to combine TextSecure and RedPhone into one app, which we began on iPhone and are now bringing to completion on Android.

After immersing myself for years and years in the world of finance (specifically, options market making and algorithmic trading), there was no escaping this mantra of “no risk, no reward.” Most of the time, my (trading) style was fairly risk-averse. I knew how to find the signals of opportunities among the daily noise to reap small rewards. Fortunately, I also learned how to think about the outliers and to take the occasional big but calculated risks.

It’s 2015, and the end of the road for encrypted SMS/MMS in TextSecure.

The TextSecure story started back in 2009, at the dawn of the smartphone era. Back then, TextSecure focused on securing the transport that everyone coming from feature phones was familiar with: SMS. Today, many things have changed, and TextSecure now emphasizes the “TextSecure transport,” which uses data rather than SMS. While we remain committed to supporting plaintext SMS/MMS in addition to the encrypted TextSecure transport so that the app can function as a unified messenger, we are beginning the process of phasing out support for SMS/MMS as an encrypted transport in favor of the TextSecure data protocol.

It is now possible to send end-to-end encrypted group, text, picture, and video messages between Signal on iPhone and TextSecure on Android, all without SMS and MMS fees. Signal 2.0 blends private phone calls and private messaging into a single frictionless interface, allowing you to focus on what’s important by quickly organizing your conversations using an inbox/archive work flow.

I recently had the opportunity to listen to another amazing podcast from 99% Invisible, a program about “design, architecture and the 99% invisible activity that shapes our world.” It got me thinking about how my world is shaped by the way I engage with computers. The podcast is a story about a computer scientist named Doug Engelbart who was, in essence, a crazy brilliant genius. He thought of ways to change how we interacted with computers and, most famously, was the inventor of the computer mouse. He also invented a specialized companion device to the mouse that worked like the one-hand equivalent of a keyboard.

Late this afternoon I took a break from working to surf. The sun was setting and a cool breeze was picking up as grey clouds billowed behind the mountains along Hanalei Bay. I had spent most of the day wrangling content, markup, and CSS, and the Pacific was calling. There was still plenty of work to be done, but balance is important, and my mind needed to reset. Surfing would be today’s lesson.

In this life nearly every relationship we create and maintain is built upon expectations. You do this, I’ll do that, and together we’ll fail to oppose entropy but stand a chance at plotting and navigating a loose course through it. These expectations extend beyond the individual, past the family, and onto society.

The 1988 film They Live is one of the last great masterpieces to come out of the Hollywood left. In the film, a drifter named John Nada discovers a box of sunglasses that, when worn, allows the wearer to really see the world around him.

For instance, when wearing the glasses, simple advertisements for consumer products are revealed as something other than what they appear.

When I agreed to take part in Winter Break of Code, I had no idea what to really expect. While many people questioned my choice to spend my winter vacation writing code, I was excited for the opportunity to spend a week hanging out with an eclectic group of people while doing two of my favorite things: coding and surfing.

My ten-year-old mind was completely blown when I realized that I could eavesdrop on the walkie-talkie conversations of the other kids in my neighborhood. I rode my bike to the library in stunned silence, found a book about codes and puzzles, and raced home to my computer. I reluctantly transformed QBasic into something other than a conduit for modified games of NIBBLES.BAS and GORILLA.BAS, and wrote a Caesar cipher implementation that worked in both directions. That ended up being the easy part.

A few days ago, someone suggested that we go scuba diving and I said “yeah sure, that sounds fun”. Once we actually got to the dive site I realized I had no clue what I signed up for. I was scared out of my fucking mind, squirming against the ocean’s currents, and convinced I would have to go back to shore while everyone else had fun since I was too much of a wuss. It took some time and a fair amount of patience from my dive instructor before I even made it underwater. But once I reached the calm depths of the ocean, I went from frantically holding my instructor’s hand to feeling comfortable exploring the reefs on my own. Instead of feeling disoriented by being underwater, it began to feel natural to swim among tropical fish and sea turtles.

Every morning at standup I’d watch the knife spin in slow motion, dread filling my chest and a voice in my head repeating, over and over, “not Slytherin.” (The target of the knife is the author of the next day’s blog post). I wasn’t sure that I could find new ways to marvel at the wonderful absurdity of stepping on a plane and trading reality for this – a chance to work on the world with a group of people that I’ve only admired from afar. I wasn’t sure that I had anything to say that hadn’t already been said by my new friends.

A couple of days ago, Jake, one of the brilliant full-timers on Open Whisper Systems, looked up from his laptop and asked me with a smile, “So, Yoko, what’s your life story? How did you come to love humans so much?” It was a whimsical way of asking why I do what I do and why I am here. Having studied Human Computer Interaction and being a user experience (UX) designer, I’ve been asked variations of this question many times before. But it was on this trip I realized my answer needs a little probing.

A few weeks ago, an email full of information to help prep for Winter Break of Code popped up in my inbox. Throughout my personal countdown to the day I got to leave San Francisco for Hawaii, one line from that email continuously resonated throughout my mind: “Have your development environment ready to go.”

Yesterday was a day of meetings. Discussion and debate flourished. Conversations ranged over all parts of every project. Words spoken aloud may have outnumbered lines of code shipped. The entire team was fully engaged and people nearly had to be dragged out of the house for an afternoon hike to the top of the ridge.

We learned about fields and curves and groups, of basepoints and cofactors, secrets and signatures. Questions abounded and Trevor delivered the answers, one after another, albeit with enough handwaving that I thought he might lift off and fly himself back to the mainland. However, there was one question that even he could not answer: Why are they called elliptic curves?

From Weierstrass to Montgomery to Edwards formats, these geometric objects that form the essential mathematical underpinnings of many modern crypto systems are not defined by ellipses, nor do they resemble ellipses. Not even for very stretchy definitions of an ellipse. There is no immediately obvious connection. So why do we call them that?

As usual, to understand the universe, we must first bake an apple pie from scratch. Or at least pretend to.

I’ve been working with Open Whisper Systems on TextSecure for about a year and a half. I feel like I’ve earned better treatment than being forced to blog at knifepoint, but here we are, so I’ll tell my story.

The prophetic discourse of the Karai can be summed up in an observation and a promise: on the one hand, they constantly affirmed the fundamentally evil character of the world, on the other, they insisted that conquest of a good world was possible. “The world is evil! The world is ugly!” they said. “Let us abandon it!” they concluded. […] In short, it was not the discourse of the prophets that was unhealthy, but indeed, the world in which they spoke, the society in which they lived.

At the peak of the Soviet Union’s civic society, more than five-hundred thousand Soviets belonged to a complex, almost ecological system of bureaucracy known as the Nomenklatura. Itself a reference to the Roman ‘list of names’ – a codified taxonomy into which people could be organized and signified – the Soviet government was built and constrained through social proximity.

The initial idea was to institute a horizontal decision-making system. A methodology that could define and populate thousands of roles for the collaborative administration of social order: ministers of industry, pedagogy, natural resources, foreign relations, internal affairs, communications, and so on.

It was a form of governance intended to gradually flatten a hierarchy that the early industrial revolution had exaggerated. However, over time the mechanics revealed – somewhat conversely – a total institutionalization of ‘nepotism’. Certain senior members of the Nomenklatura had the privilege to appoint new members, and maintain long lists of qualified candidates. New members, now obliged from a favor, formed allegiances to their patrons. Patrons themselves carried social debts to those who appointed them, and it went on like this up the stack into the inner circle. The hierarchy didn’t flatten, it sharpened.

Speed ahead to our modern life. My social relations are all but completely virtualized. My list of friends and followers, contacts and matches, profiles and handles … all thrum wildly. Apps are released every week which impose and constrain my lists into new formations, reconstructing my social life over and over. It’s possible to see the reflection of Soviet governance in our own lives today; perhaps there are hundreds of thousands of members (less, probably) of a new bureaucratic class – technocratic knowledge workers, let’s say – who organize and signify civic life in the contemporary age. Building cooperative protocols and APIs and apps and networks. Designing the interfaces and behaviors and experiences of everyone else. Teaching but sometimes refusing to learn, giving generously but sometimes taking without permission, anticipating what we want but often supposing what we want without asking. Designing our dismal fate. Slowly appointing their heirs by proximity.

As a publisher and designer, I count myself among this degenerate few and tread carefully whenever I manage to move or speak at all.

As it does every morning, the day started with Moxie singing the stand-up song, reminding us all (and waking up the slackers) that at 9am sharp we all get in a circle to discuss what we accomplished the day before and what our priorities are for the coming day.

Because I might get sappy, here’s a picture to ease that before I let it all out.

After being promptly woken up by numerous roosters at 7:30 AM, I still can’t believe I’m here. My application was pretty last-minute, completed when I was in a state of droopiness and scholarship-application-hyperdrive. But I got on a plane from the Midwest, went from cloudy, 20 degrees with windchill making it feel like 0 to sunny, 77 degrees with mild winds making it feel still 77 degrees.

I woke up this morning feeling like this routine was normal, instead of implausible. Two days ago, I was in New York City, riding the train with millions of other commuters in the freezing snow. Today, I went surfing on a beach in beautiful Kauai. In the same absurd fashion, I shared meals, stories, and workspaces with people, who days earlier, I had only read about and admired from afar. The promises of the Winter Break of Code seem impossible: a vacation in paradise, large milestones of work to be met, a welcoming space with talented companions. But when Moxie came into the bedroom this morning strumming his ukulele to wake us for the daily morning stand-up, up we were, ready to claim the small victories in the browser extension project, the Signal iOS client, and the Android applications from the day prior and to lay out plans to further the state of user-friendly secure communication tools.

Every year when we do this kind of call for proposals, our experience from past events sets our expectations higher. Even with really high expectations this time around, we were blown away by the number of high-quality proposals we received for this winter. It’s inspiring to know how many people are thinking seriously about the development of privacy-enhancing technology, and we hope that one day we’ll have a space large enough to accept all the proposals that we wish we could.

At Open Whisper Systems, our goal is to make private communication simple. For the past three years, we’ve been developing a modern, open source, strong encryption protocol for asynchronous messaging systems, designed to make seamless end-to-end encrypted messaging possible.

Today we’re excited to publicly announce a partnership with WhatsApp, the most popular messaging app in the world, to incorporate the TextSecure protocol into their clients and provide end-to-end encryption for their users by default.

This January, Open Whisper Systems will be hosting a Winter Break Of Code. We’ve managed to get access to a large beachfront house in Kauai for three weeks, and we’re inviting people to join us. If you’re interested in spending one to three weeks in Hawaii working collaboratively on an Open Source project to make private communication simple, we’ll take care of your airfare and housing so that you can be there.

Winter Break Of Code is an opportunity for designers, developers, writers, strategists, and creative thinkers interested in privacy and security to spend some time contributing to privacy-related projects in a retreat-like setting with other co-conspirators. Think of it as an extended hackathon, but with your travel expenses paid, and with breaks for surfing, hiking, swimming, and just generally being in Kauai.

Everything that Open Whisper Systems produces is free and Open Source. We’ve been working on apps like Signal, TextSecure, RedPhone, and Flock for years now, because we believe that it’s possible to develop well-designed apps that are both privacy-preserving and a joy to use.

At Open Whisper Systems, we want everyone to have access to advanced secure communication tools that are as easy and reliable to use as making a normal phone call or sending a normal text message.

Over the past year, we’ve been working to bring the privacy software we’ve developed for Android to the iPhone, and today we’re releasing Signal – free, worldwide, encrypted voice calls for iPhone, and fully compatible with RedPhone for Android.

One of the major features we introduced in the TextSecure v2 release was private group chat. We believe that group chat is an important feature for encrypted communications projects, so we wanted to try to summarize some of the existing work in this area, as well as how TextSecure’s group chat protocol functions.

Today’s release of TextSecure is the final step in the transition from a private SMS app to a private asynchronous IM app that does not depend on SMS/MMS.

Using the lessons we’ve learned from the SMS environment over the past four years, we’ve developed an open protocol for asynchronous chat that enables private communication instantly with friends, private groups for real-time collaboration, and the ability to quickly and seamlessly share media privately – all without depending on SMS.

Spring Break of Code 2013 I cut open my foot and hand while surfing; both wounds easily warranted stitches. Winter Break of Code 2014 I banged the top of my foot surfing over some coral; the cuts were sealed within minutes. Spring Break of Code 2013 I struggled with the Android SDK, while Winter Break of Code 2014 I caught myself taking a few too many short-cuts. On day zero nothing is easy, but over time you improve, spilling a little less blood every time.

A lot of great memories will stay with me after this intense week. The house surrounded by palm trees, people with computers in every corner, laying down on a sofa, chatting on the balcony, and sitting down on the carpet. The surf and hiking breaks on this astonishing Kauai’s landscape, sharp mountains covered by forests falling into beaches of fine sand and fun waves. The nights spiced with Moxie’s tasty cocktails and long deep conversations about the meaning of life, the internet and everything.

Understanding digital privacy under capitalism

If commodities could speak, they would say this: our use-value may interest men [sic], but it does not belong to us as objects. What does belong to us as objects, however, is our value. Our own intercourse as commodities proves it. We relate to each other merely as exchange-values.

– Marx, Capital: A Critique of Political Economy, Vol 1.

Thus spake the commodity

Marx saw modernity more acutely than most of his contemporaries, and provided a description of capitalism that remains, in my opinion, quite useful.

However, we must be brave enough to attempt to understand his description of the relationship between commodity and value in the context of a world very different from Industrial Revolution-era Europe. That is, one which includes the strange new primordial soup of the internet and capital.

Imagine, as Marx expects of us in the passage above, that an “internet” commodity could speak. What would it say?

At the Open Whisper Systems spring break of code in 2013, I started work on TextSecure iOS. People are chomping at the bit to use our software on iOS. After a hiatus from the project, I’ve been happy to return to it over the last few months, joining some other contributors, including Frederic Jacobs as co-lead, Alban Diquet, and Claudiu-Vlad Ursache submitting pull requests, even over the holidays, with important cryptographic storage and UI-polishing contributions, and Bitcoin donations coming in from around the world.

We are at the halfway point of Winter Break of Code. We have two homes near the beach shared by 12 people. 10 of us are working on the apps & website and 2 are leading up delicious dinner efforts. We’ve spent time on the beach, in the ocean, in the mountains, and of course working. Concepts for future startups and tactics about self-publishing books are brewing, and conversations are lined with politics and activism. Work sessions are focused on making cryptography usable in existing Android apps and soon-to-be-released iPhone apps.

By all rights, I should not be here. My application was last-minute to say the least, and little more than a casual note that I’d be down to reprise my role from SBoC as web hacker for whispersystems.org. Maybe it was because of my work in the previous months on tweaking the site layout to be responsive, or because @bcrypt (who is infinitely more qualified) was too dedicated to her work at the EFF to take the time off, or because my birthday happened to fall on this week, but for one reason or another, the universe smiled, and here I am.

The Winter Break of Code, being closely linked by name to the season of Winter, began with a calm trickle of ex{hausted,cited} people carrying laptops and cell phone collections after a parade of delays and weather issues. Off the plane after a pitch-black descent, the humid fresh smell distinct to this place along with my feet landing on soil was a good hint that we were indeed on an island and this was actually happening. It was very welcome.

Building a social network is not easy. Social networks have value proportional to their size, so participants aren’t motivated to join new social networks which aren’t already large. It’s a paradox where if people haven’t already joined, people aren’t motivated to join.

The trouble is that while building a social network is hard, most interesting software today is acutely “social.” Even privacy-enhancing technology, which seems anathema to the aesthetic of social networking, is tremendously social. For people to effectively use private communication software like TextSecure, they need to be able to know how to contact their friends using TextSecure.

At Open Whisper Systems, we often get emails from people who’d like to donate money to the project. For an OSS project, particularly one that aspires to a collective sense of ownership, handling donations is not always entirely straightforward.

The fundamental contradiction is that while donations are meant for a project, they’re traditionally sent to a person. Even if a project sets up a bank account, there are still only a few people who have access to the money itself, and distributing it appropriately can be hard to figure out.

It’s never been clear to us how we should handle small donations, so oftentimes when people ask about donating, we just tell them that the best way to help is to use the software, spread the word, and file well-documented bugs when they find them. Which is true! But it’d also be great if we had a nice system for handling donations that matched our objectives for collective ownership.

After our wonderful experience with Spring Break Of Code, we were excited to try this again. Even with high expectations based on our experience in the Spring, the response was still better than what we could have hoped for. The hundreds of high-quality proposals we received were really inspiring, and we hope that one day we can get a space large enough for all of the amazing people who are passionate about the development of privacy-enhancing technology.

We think the final lineup of those attending in January is going to be great:

At Open Whisper Systems, we’re working to both advance the state of the art for secure communication and also reduce the friction required for ordinary people to make use of it. We want everyone to have access to advanced secure communication methods that are as easy and reliable to use as making a normal phone call or sending a normal text message.

With these goals in mind, we’ve been working with CyanogenMod over the past few months. CyanogenMod is an open source aftermarket Android firmware distribution with ten million users and ~20k installs a day. Their rapid growth is beginning to rival Microsoft for the third-largest smartphone OS distribution.

As of today, the TextSecure protocol will begin shipping as part of the CyanogenMod OS-level SMS provider, in an effort to provide completely transparent end-to-end text message encryption between all of their users.

At Open Whisper Systems, we’ve been working on improving our encrypted asynchronous chat protocol for TextSecure. The TextSecure protocol was originally a derivative of OTR, with minor changes to accommodate it for transports with constraints like SMS or Push. Some of the recent changes we’ve made include simplifying and improving OTR’s deniability, as well as creating a key exchange mechanism for asynchronous transports. Our most recent change incorporates what we believe to be substantial improvements to OTR’s forward secrecy “ratchet.”

At Open Whisper Systems, we’re focused on creating easy-to-use privacy-enhancing technology. Our projects are free, Open Source, and tend to be oriented around the mobile environment. We’ve been working on apps like TextSecure and RedPhone (which provide secure text messages and secure phone calls) for years now, because we believe that it’s possible to develop well-designed secure communication tools that are both privacy-preserving and a joy to use.

This winter, we’d like to invite you to join us for “Winter Break Of Code,” a week-long free trip to Kauai for anyone who’d like to spend a week working on this type of easy-to-use privacy-enhancing technology in a collaborative environment. We’ve rented a large beachfront house on the north coast of Kauai for everyone to stay in, and we’ll pay for your airfare. While there, you can split your time between island living and working on an Open Whisper Systems-related privacy project that you propose.

My cell phone used to be a black and white Nokia until a couple of weeks ago when I decided to enter in the smartphone world. Now that there are more mobile devices connected to the internet than computers, I think it’s time for me as well to discover the possibilities of this technology. During this few weeks I’ve been playing with my new toy, checking how to secure it, and seeing what free software is around to use cryptography on it.

From October 11th to October 13th, we’ll be hosting an informal Open Whisper Systems Alpine Hackathon for those in or around Zurich, Switzerland who would like to contribute to Open Whisper Systems-related projects in a collaborative setting with other co-conspirators.

Traditionally, asynchronous messaging systems such as email have relied on protocols like PGP or S/MIME for cryptographic security. These protocols work the way most people are familiar with: one who wishes to receive encrypted email advertises a public key, and those wishing to send encrypted email to that person encrypt their outgoing message with that public key.

At Open Whisper Systems we help develop TextSecure, an encrypted chat application for Android. TextSecure was designed as a general purpose SMS/MMS client which would also automatically encrypt conversations when communicating with other TextSecure users. For those encrypted sessions, TextSecure uses a compact derivative of the well-known OTR protocol.

We’re currently in the process of transitioning TextSecure to use a device’s data channel as a transport for communication with other TextSecure users whenever possible. This enables communication with the upcoming TextSecure for iOS, helps users avoid SMS fees, and obscures conversation metadata from telcos.

The transition to a new transport is also a good opportunity for us to evaluate and introduce additional cryptographic protocol changes. Below is one cryptographic protocol change we’re thinking of making that we’d welcome feedback on.

Open Whisper Systems is a project focused on developing Open Source security and privacy apps for the mobile environment. With all of the recent discussion about PRISM, Boundless Informant, and FISA orders, there has been a surge of new users and inquiries about how to get involved.

Because secure systems aren’t valuable if they’re not used, Whisper Systems has always focused on delivering strong cryptography alongside a great user experience. That’s the reason call quality has always been a priority in RedPhone’s development.

We know that, for many users, RedPhone has consistently delivered a call quality experience comparable to commercial mobile VoIP solutions. But we also hear from users who report problems like dropped calls, distracting levels of echo and latency, or inaudibly low in-call volume. While we investigate these reports and attempt to resolve them, we don’t have a clear view of what situations cause RedPhone’s call quality to degrade, or how to prioritize our development efforts.

I know very well that each and every crisis of modernity is concentrating, concatenating, and seating more deeply into everyday life. I know the struggles of the world’s unseen and unheard are being subsumed – appropriated – under and into the framework of a liberal democracy, leaving those at the periphery still under the yoke of capital. The Right further entrenches itself into political discourse, both in the United States, and (more extremely) abroad (Finland, Greece, … et al.). The Left is no less problematic: reiterating the petty values of social democracy, negotiating the terms of our entrapment within capitalism. Every season, new horrors fall from the clouds and rise from the seas as industrial civilization demonstrates that terraforming can also work in reverse. The world’s genetic library – the most prime commons, if ever one existed – is rapidly contracting via extinction, privatization, and engineering. The colossal failure of ideology in the twentieth century has left the radicals of today no other choice but to see themselves as “post-ideological”. This is a deeply concerning conundrum, as ideology survives in post-ideology, different only to the extent that it is less apparent. Yes, it seems like we are living in end times – an entire era of Apocalypse – made only more insidious by our optimism in its shadow.

The main sound on top of the ocean is the click clack of laptop keys, and the jangle of test calls and SMSes. A neighbor stopped by to comment that we must be the next Facebook, the next Google; working instead of surfing made sense in his mind only in the land of money at the end of the tunnel. He loaned us his stand up paddle boards, surely expecting a return on investment 10 fold down the line when we exited into the sunset. A journalist visiting Open Whisper Systems’ Spring Break of Code commented that she expected more philosophy, politics, and conversation. After all this group is composed of people who are not only technologists, but also open source evangelists, activists, and humanists. Lilia went over some of the why, but practically anyone could see we were concentrating on the how, and in the frenzied silence it was clear that a common philosophy was assumed and what bound us here was the challenges in the technology to power that philosophy.

I am no stranger to Hawaii. Although I’ve never lived here myself, I’ve visited the islands perhaps a dozen times. My grandmother and my father were born and raised here. My mother attended college here. I have aunts, uncles, and cousins who’ve lived on various islands, moved away, came back, moved away and back again. I even have Native Hawaiian blood in my veins.

But this trip is different. This time it’s not about family or heritage. This time, I have a mission: to make secure text messaging and calling easier, more accessible, and more prevalent.

“I am torn on how best to introduce myself out of context like this, the idea of rattling off facts from my resume is my first instinct, but that seems terribly conventional. With the goal of introducing myself and the entirety of my character, my second (highly unconventional) instinct is to link you to my online dating profile with the prayer that such an action would be taken in the desired context. Through my indecision I hope to explain who I am and why I would like to travel across the country to be involved with the Institute for Disruptive Studies. So here goes…”

One of the first times I met up with Moxie while travelling, we met at a dive bar in San Francisco’s Mission District, packed with hipsters. I had nineteen years, a modified state ID card, and just hitchhiked into town. We sat at the bar, and both ordered well gin and tonics.

I had a proposal, the sort of get-rich-quick scheme it seems that only 18th century pirates and lazy hacker-squatters are capable of contriving: We fly to China. Then, we spend a few grand purchasing a Chinese junk rig, and equip it with a system of pulleys so that we can man the sails from the cockpit, solo if necessary. Next, we fill the cabin with about as much potable water as we can carry and enough dried food to stave off starvation, and set a course across the northern arc of the Pacific – avoiding the treachery of the South Seas – for San Francisco. The choice of vessel was key, the battened sails and flattened hull of a Chinese junk rig make it arguably one of the safest ships to make a transoceanic voyage alone, not to mention the financial incentives: being rare in the Americas, a well-kept junk rig would go for anywhere from $50,000 to $250,000 USD – not to mention grant you free slip fees at just about any marina from Anchorage to Punta Arenas. How could anyone turn down such a preposterous plot which included adventure on the high seas, a high mortality risk, riches and notoriety?

It’s a busy time here at the Open Whisper Systems factory, and we need all the floor space we can get. We still have some first-edition T-Shirts that are taking up some space, so we’re offering them to you for the cost of shipping and handling.

We were excited about our Spring Break Of Code announcement, but the response was better than we anticipated: over 100 extremely impressive proposals from folks around the world who are passionate about pushing the envelope of security and privacy software. After reading all the proposals, we really wish we’d rented a bigger house.

In our previous post, we discussed the global infrastructure that allows RedPhone clients to find low-latency servers when establishing a call. This post discusses the techniques we use to retain call quality when network conditions are less than ideal.

RedPhone is our mobile app for end-to-end encrypted voice calls. When we talk about RedPhone, we tend to emphasize the cryptography, and how using it can help keep your communications safe. What we don’t talk about as much is the VoIP application underneath all of that, which it turns out was actually the hard part.

When we were developing RedPhone, we discovered that the cryptographic aspects of it were relatively straightforward. What we didn’t anticipate was how difficult the mechanics of delivering high-quality, low-latency, and highly available voice communication would be.

This describes the basic strategy we developed for the network side of low-latency and highly available calls.

This Spring will be the first Open Whisper Systems Spring Break Of Code, a week-long, expenses-paid retreat to Maui for folks who like software development, security, and the beach. We’ve rented a large beachfront house on the west coast of Maui for everyone to stay in, and will pay for your airfare. While there, you can split your time between island living and working on an Open Whisper Systems-related project that you propose.

Whisper Systems was a company focused on the development of mobile security software, which was acquired by Twitter in late 2011. Twitter very generously made some of the Whisper Systems software available under an Open Source license (GPLv3), which has since been under open development by the community. The software has seen a number of new releases based on that open development, and we’ve been calling the project for this continued work “Open Whisper Systems.” Welcome to the project’s new home.